7 matches found
CVE-2015-5741
The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields...
CVE-2015-5741
CVE-2015-5741 : The Go net/http implementation (net/http/transfer.go) before 1.4.3 fails to correctly parse HTTP headers, enabling remote attackers to perform HTTP request smuggling via requests containing both Content-Length and Transfer-Encoding. This is documented across multiple sources in th...
CVE-2015-5741
The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields...
openSUSE Security Update : go (openSUSE-2016-907)
This update for go fixes the following issues : - CVE-2015-5739: 'Content Length' treated as valid header - CVE-2015-5740: Double content-length headers does not return 400 error - CVE-2015-5741: Additional hardening, not sending Content-Length w/Transfer-Encoding, Closing connections Go was...
Golang 1.4.3 CVE Fixes | Cloud Foundry
Golang 1.4.3 CVE Fixes Low Vendor Google Versions Affected Golang v1.4.2 and lower Description Several security issues were fixed in Go’s net / http package. The CVE issue descriptions and fixes are linked below: CVE-2015-5739 – ‘Content Length’ treated as valid header:...
Medium: golang, docker
Issue Overview: As discussed upstream -- http://seclists.org/oss-sec/2015/q3/294 and http://seclists.org/oss-sec/2015/q3/237 -- the Go project received notification of an HTTP request smuggling vulnerability in the net/http library. Invalid headers are parsed as valid headers like "Content Length...
Fedora 22 : golang-1.4.2-3.fc22 (2015-13002)
security fixes for net/http smuggling Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL...